Global Conditions

A global condition defines exclusions from access analysis that apply across all access models and controls.

A given model or control defines a pool of records subject to access analysis: those involving access points specified by its access-point and entitlement filters, minus those excluded by condition filters specific to the model or control. A global condition implements a further exclusion: from the pool for each model or control, it selects records, and so excludes all it doesn't select.

However, each global condition is specific to a data source. So it actually acts upon only models and controls that analyze data supplied by that data source.

A single global condition may contain any number of condition filters. A given filter selects exactly the same records as it would in an access model.

• An ordinary condition filter may select records of access assignments in which the values of an attribute satisfy a condition, such as "Business Unit equals Consumer Electronics."

• A "Within Same" condition filter selects records of access assignments only within, or only across, entities such as business units.

Be aware that creating, editing, or inactivating a global condition may add or remove exclusions to models and controls in your environment. When you run controls after creating or modifying global conditions, you may cause existing incidents to be closed, or closed incidents to be reopened at the Assigned status, automatically.

In the pages to create and edit access models, an Access Global Conditions panel displays the global conditions that are active in your environment. These are display-only. You can't create or edit global conditions in these pages.

To work with global conditions, select Access Global Conditions in the Actions menu on the Models page. In an Access Global Conditions page, each row provides summary information about a global condition. Click the name of a global condition to open a page that displays full details of its configuration.